From 61d0b4ac7ae8a02fa9699db3b5711aa35bde1358 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Wed, 15 Nov 2017 19:35:12 +0100
Subject: Add: INSTALL file
---
INSTALL | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 75 insertions(+)
create mode 100644 INSTALL
(limited to 'INSTALL')
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 0000000..097bfbb
--- /dev/null
+++ b/INSTALL
@@ -0,0 +1,75 @@
+INSTALL ick2
+=============================================================================
+
+The easy way to install ick2 is to use the script below. To prepare:
+
+* Clone git://git.liw.fi/ick2
+* Clone git://git.liw.fi/ansibleness
+* Clone git://git.qvarnlabs.net/debian-ansible
+* Create a VM. Should contain Debian stretch.
+ * edit `ansibleness/ansible/hosts` to change the `ick2` line to
+ append `ansible_ssh_host=127.0.0.1`, where 127.0.0.1 is the actual
+ address of the VM
+ * also edit edit `ick2.yml` to set `remote_user` to a username that
+ can do sudo without a password, and that you can access via ssh,
+ without a password
+* On another host, install ansible, pass, and have or create a PGP key
+ pair.
+* Save the script below into setup.py and run it: Change the
+ FINGEPRINT line to refer to your PGP fingerprint.
+
+ ./setup.sh "PATH/TO/ick2" "PATH/TO/ansibleness/ansible" \
+ "PATH/TO/debian-ansible/roles/"
+
+* This should set up the VM to run the Ick2 controller and a worker.
+* Verify: in the ick2 checkout, run:
+
+ ./icktool --controller https://127.0.0.1 version
+ ./icktool --controller https://127.0.0.1 token
+
+ Where 127.0.0.1 is again the address of the VM. The version command
+ should report the version number, the token command should write a
+ line of what looks like garbage, but is actually a JWT token.
+
+Alternatively, you can add code.liw.fi/debian to your APT sources
+list, and install the ick2 package, and do the configuration manually.
+See the roles/ick-controller/tasks/main.yml file in the ansiblness
+repository for details.
+
+
+Setup.py
+-----------------------------------------------------------------------------
+
+ #!/bin/sh
+
+ set -eu
+
+ SRC="$1"
+ PLAYBOOKS="$2"
+ export ANSIBLE_ROLES_PATH="$3"
+
+ export FINGERPRINT='DBE5439D97D8262664A1B01844E17740B8611E9C'
+ export PASSWORD_STORE_DIR="$(pwd)/passwords"
+
+ ssh-keygen -N '' -f worker_manager_key
+ "$SRC/generate-rsa-key" token_key
+
+ openssl req -subj '/CN=domain.com/O=My Company Name LTD./C=US' -new \
+ -newkey rsa:2048 -days 365 -nodes -x509 \
+ -keyout ick2.key -out ick2.crt
+ cat ick2.key ick2.crt > ick.pem
+
+ if [ ! -e "$PASSWORD_STORE_DIR" ]
+ then
+ pass init "$FINGERPRINT"
+
+ pass insert -m ick2/wm_ssh_key < worker_manager_key
+ pass insert -m ick2/wm_ssh_key_pub < worker_manager_key.pub
+
+ pass insert -m ick2/token_key < token_key
+ pass insert -m ick2/token_key.pub < token_key.pub
+
+ pass insert -m ick2/ick.pem < ick.pem
+ fi
+
+ (cd "$PLAYBOOKS" && ansible-playbook -i hosts ick2.yml)
--
cgit v1.2.1
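Review bot: The embedded setup script writes every private key it creates (`worker_manager_key`, `token_key`, `ick2.key`, `ick.pem`) unencrypted into the current directory and leaves them there after copying them into the `pass` store; `ick2.key` and `ick.pem` also get whatever permissions the caller's umask allows. I would add `umask 077` right after `set -eu` and, assuming the playbook reads these secrets only through `pass`, delete the plaintext copies once the `pass insert` calls have succeeded, e.g. `rm -f worker_manager_key token_key ick2.key ick.pem`. The key generation also sits outside the `if [ ! -e "$PASSWORD_STORE_DIR" ]` guard, so a second run regenerates key material (openssl overwrites `ick2.key`) that never reaches the existing store; moving the generation inside the guard would keep the files and the store in step. Separately, the text says to save the script as setup.py and the heading reads Setup.py while the invocation is `./setup.sh`, and the variable the reader is told to change is spelled FINGEPRINT where the script exports `FINGERPRINT`.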